msb-public
/
cloudreve
mirror of https://github.com/cloudreve/Cloudreve
1
0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3edb00a648'
${ noResults }
cloudreve/middleware/session.go

68 lines
1.6 KiB
Raw Normal View History Unescape

Feat: User login
5 years ago
package middleware
import (
feat(kv): persist cache and session into disk before shutdown
1 year ago
"github.com/cloudreve/Cloudreve/v3/pkg/cache"
"github.com/cloudreve/Cloudreve/v3/pkg/sessionstore"
Added `same-site` policy for session options (#1381) * Feat: added same-site policy for session options * Feat: configurations in conf package to control the `SameSite` mode and `Secure` value of the session. Co-authored-by: AaronLiu <abslant@126.com>
2 years ago
"net/http"
"strings"
Comply with Golang semantic import versioning (#630) * Code: compatible with semantic import versioning * Tools & Docs: compatible with semantic import versioning * Clean go.mod & go.sum
4 years ago
"github.com/cloudreve/Cloudreve/v3/pkg/conf"
"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
"github.com/cloudreve/Cloudreve/v3/pkg/util"
Feat: User login
5 years ago
"github.com/gin-contrib/sessions"
"github.com/gin-gonic/gin"
)
Feat: User/Me
5 years ago
// Store session存储
feat(kv): persist cache and session into disk before shutdown
1 year ago
var Store sessions.Store
Feat: User/Me
5 years ago
Feat: User login
5 years ago
// Session 初始化session
func Session(secret string) gin.HandlerFunc {
Fix: Redis should not be used in test mode
5 years ago
// Redis设置不为空且非测试模式时使用Redis
feat(kv): persist cache and session into disk before shutdown
1 year ago
Store = sessionstore.NewStore(cache.Store, []byte(secret))
Modify: code style
5 years ago
Added `same-site` policy for session options (#1381) * Feat: added same-site policy for session options * Feat: configurations in conf package to control the `SameSite` mode and `Secure` value of the session. Co-authored-by: AaronLiu <abslant@126.com>
2 years ago
sameSiteMode := http.SameSiteDefaultMode
switch strings.ToLower(conf.CORSConfig.SameSite) {
case "default":
sameSiteMode = http.SameSiteDefaultMode
case "none":
sameSiteMode = http.SameSiteNoneMode
case "strict":
sameSiteMode = http.SameSiteStrictMode
case "lax":
sameSiteMode = http.SameSiteLaxMode
}
Feat: User/Me
5 years ago
// Also set Secure: true if using SSL, you should though
Added `same-site` policy for session options (#1381) * Feat: added same-site policy for session options * Feat: configurations in conf package to control the `SameSite` mode and `Secure` value of the session. Co-authored-by: AaronLiu <abslant@126.com>
2 years ago
Store.Options(sessions.Options{
HttpOnly: true,
MaxAge: 60 * 86400,
Path: "/",
SameSite: sameSiteMode,
Secure: conf.CORSConfig.Secure,
})
Feat: User/Me
5 years ago
return sessions.Sessions("cloudreve-session", Store)
Feat: User login
5 years ago
}
Fix: file preview URL in share page should not be accessed directly
4 years ago
// CSRFInit 初始化CSRF标记
func CSRFInit() gin.HandlerFunc {
return func(c *gin.Context) {
util.SetSession(c, map[string]interface{}{"CSRF": true})
c.Next()
}
}
// CSRFCheck 检查CSRF标记
func CSRFCheck() gin.HandlerFunc {
return func(c *gin.Context) {
if check, ok := util.GetSession(c, "CSRF").(bool); ok && check {
c.Next()
return
}
i18n: logs in bootstrapper and response code in middleware
2 years ago
c.JSON(200, serializer.Err(serializer.CodeNoPermissionErr, "Invalid origin", nil))
Fix: file preview URL in share page should not be accessed directly
4 years ago
c.Abort()
}
}